IN THE CLAIMS 

1. (Currently amended) A method for secure generation of a seed for use in performing 
one or more cryptographic operations, the method comprising the steps of: 

a seed generation server providing a first string to a seed generation client; 

the seed generation client generating a second string responsive to receipt of the 
first string, encrypting the second string utilizing a key, and sending the encrypted second string 
to the seed generation server; 

the seed generation client generating the seed as a function of at least the first 
string and the second string; and 

the seed generation server decrypting the encrypted second string and 
independently generating the seed as a function of at least the first string and the second string; 

wherein the seed generation server sends an authentication code to the seed 
generation client, the authentication code proving knowledge of the generated seed and 
instructing the seed generation client to store the generated seed; and 

wherein the authentication code is cryptographically derived from a secret key 
shared by the seed generation client and the seed generation server. 

2. (Original) The method of claim 1 wherein the seed comprises a symmetric key. 

3. (Previously presented) The method of claim 1 wherein the seed is generated, by at least 
one of the seed generation client and the seed generation server, as a function of the second 
string, the first string, and identifying information associated with the seed generation server. 

4. (Original) The method of claim 3 wherein the identifying information associated with 
the seed generation server comprises a public key of the seed generation server. 

5. (Original) The method of claim 1 wherein the key utilized by the seed generation client 
to encrypt the second string comprises a public key of the seed generation server. 

6. (Original) The method of claim 1 wherein the key utilized by the seed generation client 
to encrypt the second string comprises a secret key shared by the seed generation client and the 
seed generation server. 

7. (Original) The method of claim 1 wherein the seed generation client comprises or is 
otherwise associated with an authentication token. 

8. (Original) The method of claim 1 wherein the seed generation server comprises or is 
otherwise associated with an authentication entity. 

9. (Canceled) 

10. (Canceled) 

11. (Original) The method of claim 1 wherein the seed generation server sends the 
generated seed to an authentication entity. 

12. (Original) The method of claim 11 wherein the seed generation server also sends user 
identifying information associated with the seed to the authentication entity. 

13. (Original) The method of claim 1 wherein the seed generation client is associated 
with a first processing device and the seed generation server is associated with a second 
processing device. 

14. (Original) The method of claim 1 wherein the seed generation client and the seed 
generation server communicate with one another through at least one intermediary processing 
device. 

15. (Previously presented) The method of claim 1 wherein the seed generation server 
initiates the seed generation process responsive to receipt of a command. 

16. (Original) The method of claim 1 wherein the seed generation server initiates the seed 
generation process responsive to receipt of a request initiated by the seed generation client. 

17. (Original) The method of claim 16 wherein the seed generation client in response to 
initiation of the seed generation process by the seed generation server provides the seed 
generation server with information indicating one or more processing algorithms suitable for use 
in the seed generation process. 

18. (Original) The method of claim 17 wherein the seed generation server responsive to 
the information indicating one or more processing algorithms provides to the seed generation 
client additional information specifying one or more characteristics of the seed generation 
process. 

19. (Currently amended) The method of claim 1 A method for secure generation of a seed 
for use in performing one or more cryptographic operations, the method comprising the steps of: 

a seed generation server providing a first string to a seed generation client; 

the seed generation client generating a second string responsive to receipt of the 
first string, encrypting the second string utilizing a key, and sending the encrypted second string 
to the seed generation server; 

the seed generation client generating the seed as a function of at least the first 
string and the second string; and 

the seed generation server decrypting the encrypted second string and 
independently generating the seed as a function of at least the first string and the second string; 

wherein the second string comprises a combination of at least two component 
strings, including at least a first component generated in the seed generation client by interaction 
with the seed generation server and a second component previously stored in the seed generation 
client. 



20. (Currently amended) The method of claim 1 A method for secure generation of a seed 
for use in performing one or more cryptographic operations, the method comprising the steps of: 



a seed generation server providing a first string to a seed generation client; 



the seed generation client generating a second string responsive to receipt of the 
first string, encrypting the second string utilizing a key, and sending the encrypted second string 
to the seed generation server; 

the seed generation client generating the seed as a function of at least the first 
string and the second string; and 

the seed generation server decrypting the encrypted second string and 
independently generating the seed as a function of at least the first string and the second string; 

wherein the seed is generated by repeatedly applying a cryptographic algorithm to 
successive portions of an additional string generated utilizing the first string, the second string 
and the key. 

21. (Original) The method of claim 20 wherein the additional string generated utilizing 
the first string, the second string and the key comprises a concatenation of the first string, the 
second string and the key. 

22. (Original) The method of claim 20 wherein the additional string comprises n portions 
C[1], C[2], ..., C[n], and the seed is generated by computing: 

I[1] = Algorithm (C[1], C[2]) 
I[2] = Algorithm (I[1], C[3]) 
... 
I[n-1] = Algorithm (I[n-2], C[n]) 

seed = I[n-1], 

where Algorithm (A, B) denotes application of the cryptographic algorithm to portion B of the 
string utilizing an algorithm parameter denoted by A. 

23. (Original) The method of claim 20 wherein the cryptographic algorithm comprises a 
one-way cryptographic operation. 

24. (Original) The method of claim 23 wherein the one-way cryptographic operation 
comprises a hash function. 

25. (Original) The method of claim 20 wherein the cryptographic algorithm comprises an 
encryption operation. 

26. (Original) The method of claim 25 wherein the encryption operation comprises the 
AES algorithm. 
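
The chained derivation recited in claims 20 to 24 can be sketched as follows. This is an added example, not code from the application or its authors. It assumes HMAC-SHA256 as Algorithm (A, B), 16-byte portions, fixed-length strings, a hypothetical "store-seed" label in the authentication code, and the shared-key variant of claim 6; the encryption of the second string in transit is omitted.

```python
import hashlib
import hmac
import secrets

PORTION_LEN = 16  # assumed portion size in bytes; the claims do not fix one


def algorithm(param: bytes, portion: bytes) -> bytes:
    """Algorithm(A, B): HMAC-SHA256 keyed by A over portion B (assumed instance)."""
    return hmac.new(param, portion, hashlib.sha256).digest()


def split_portions(data: bytes, size: int = PORTION_LEN) -> list[bytes]:
    """Split the additional string into portions C[1..n]."""
    portions = [data[i:i + size] for i in range(0, len(data), size)]
    if len(portions) < 2:
        raise ValueError("chain needs at least two portions C[1], C[2]")
    return portions


def derive_seed(first: bytes, second: bytes, key: bytes) -> bytes:
    """Claim 21 concatenation fed through the claim 22 chain."""
    c = split_portions(first + second + key)
    state = algorithm(c[0], c[1])          # I[1] = Algorithm(C[1], C[2])
    for portion in c[2:]:                  # I[k] = Algorithm(I[k-1], C[k+1])
        state = algorithm(state, portion)
    return state                           # seed = I[n-1]


def auth_code(shared_key: bytes, seed: bytes) -> bytes:
    """Code derived from the shared secret key and bound to the seed.
    The b"store-seed" label is a hypothetical domain separator."""
    return hmac.new(shared_key, b"store-seed" + seed, hashlib.sha256).digest()


def run_exchange() -> tuple[bytes, bytes, bool]:
    """Constructed run with random sample values; both sides hold `key`."""
    key = secrets.token_bytes(16)
    first = secrets.token_bytes(16)        # server -> client
    second = secrets.token_bytes(16)       # client -> server, sent encrypted
    client_seed = derive_seed(first, second, key)
    server_seed = derive_seed(first, second, key)   # after decrypting `second`
    code = auth_code(key, server_seed)              # server -> client
    # Client stores the seed only if the code matches its own derivation.
    ok = hmac.compare_digest(code, auth_code(key, client_seed))
    return client_seed, server_seed, ok
```

With variable-length strings, plain concatenation is ambiguous, so a length prefix per string would be needed before splitting into portions.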

27. (Original) The method of claim 1 wherein the seed generation client stores the 
generated seed in an authentication token. 

28. (Original) The method of claim 1 wherein the seed generation server stores the 
generated seed in an authentication entity. 

29. (Original) The method of claim 1 wherein the generated seed is used to replace an 
existing seed known to both the seed generation client and the seed generation server. 

30. (Original) The method of claim 29 wherein the generated seed is used to replace an 
existing seed in an authentication token associated with the seed generation client and in an 
authentication entity associated with the seed generation server. 

31. (Original) The method of claim 30 wherein the authentication token replaces the 
existing seed with the generated seed after the receipt of a signal from the authentication entity. 

32. (Original) The method of claim 31 wherein the signal from the authentication entity 
comprises an authentication code cryptographically derived from the seed. 

33. (Original) The method of claim 30 wherein the authentication entity replaces the 
existing seed with the generated seed after receipt of a signal from the authentication token. 

34. (Original) The method of claim 33 wherein the signal from the authentication token 
comprises an authentication code cryptographically derived from the seed. 

35. (Currently amended) An apparatus for secure generation of a seed for use in 
performing one or more cryptographic operations, the apparatus comprising: 

a processing device comprising a processor coupled to a memory, the processing 
device implementing at least one of a seed generation client and a seed generation server; 

wherein the seed generation server provides a first string to the seed generation 
client; 

the seed generation client generates a second string responsive to receipt of the 
first string, encrypts the second string utilizing a key, and sends the encrypted second string to 
the seed generation server; 

the seed generation client generates the seed as a function of at least the first 
string and the second string; and 

the seed generation server decrypts the encrypted second string and independently 
generates the seed as a function of at least the first string and the second string; 

wherein the seed generation server sends an authentication code to the seed 
generation client, the authentication code proving knowledge of the generated seed and 
instructing the seed generation client to store the generated seed; and 

wherein the authentication code is cryptographically derived from a secret key 
shared by the seed generation client and the seed generation server. 

36. (Currently amended) A non-transitory machine-readable storage medium containing 
one or more software programs for secure generation of a seed for use in performing one or more 
cryptographic operations, wherein the one or more software programs when executed by a 
processing device implement at least one of a seed generation client and seed generation server; 

wherein the seed generation server provides a first string to the seed generation 
client; 

the seed generation client generates a second string responsive to receipt of the 
first string, encrypts the second string utilizing a key, and sends the encrypted second string to 
the seed generation server; 

the seed generation client generates the seed as a function of at least the first 
string and the second string; and 

the seed generation server decrypts the encrypted second string and independently 
generates the seed as a function of at least the first string and the second string; 

wherein the seed generation server sends an authentication code to the seed 
generation client, the authentication code proving knowledge of the generated seed and 
instructing the seed generation client to store the generated seed; and 

wherein the authentication code is cryptographically derived from a secret key 
shared by the seed generation client and the seed generation server. 

37. (Currently amended) A method for secure generation of a seed for use in performing 
one or more cryptographic operations, the method being implemented in a seed generation client, 
the method comprising the steps of: 

receiving a first string from a seed generation server; 

generating a second string responsive to receipt of the first string, encrypting the 
second string utilizing a key, and sending the encrypted second string to the seed generation 
server; and 

generating the seed as a function of at least the first string and the second string; 

wherein the first string and the second string are configured so as to permit the 
seed generation server to independently generate the seed as a function of at least the first string 
and the second string; 

wherein the seed generation client receives an authentication code from the seed 
generation server, the authentication code proving knowledge of the generated seed and 
instructing the seed generation client to store the generated seed; and 

wherein the authentication code is cryptographically derived from a secret key 
shared by the seed generation client and the seed generation server. 



38. (Currently amended) An apparatus for secure generation of a seed for use in 
performing one or more cryptographic operations, the apparatus comprising: 

a processing device comprising a processor coupled to a memory, the processing 
device implementing a seed generation client; 

the seed generation client being configured: (i) to receive a first string from a seed 
generation server; (ii) to generate a second string responsive to receipt of the first string, to 
encrypt the second string utilizing a key, and to send the encrypted second string to the seed 
generation server; and (iii) to generate the seed as a function of at least the first string and the 
second string; 

wherein the first string and the second string are configured so as to permit the 
seed generation server to independently generate the seed as a function of at least the first string 
and the second string; 

wherein the seed generation client receives an authentication code from the seed 
generation server, the authentication code proving knowledge of the generated seed and 
instructing the seed generation client to store the generated seed; and 

wherein the authentication code is cryptographically derived from a secret key 
shared by the seed generation client and the seed generation server. 

39. (Currently amended) A method for secure generation of a seed for use in performing 
one or more cryptographic operations, the method being implemented in a seed generation 
server, the method comprising the steps of: 

providing a first string to a seed generation client; 

receiving from the seed generation client a second string generated responsive to 
receipt of the first string and encrypted utilizing a key; 

decrypting the encrypted second string; and 

generating the seed as a function of at least the first string and the second string; 

wherein the first string and the second string are configured so as to permit the 
seed generation client to independently generate the seed as a function of at least the first string 
and the second string; 

wherein the seed generation server sends an authentication code to the seed 
generation client, the authentication code proving knowledge of the generated seed and 
instructing the seed generation client to store the generated seed; and 

wherein the authentication code is cryptographically derived from a secret key 
shared by the seed generation client and the seed generation server. 



40. (Currently amended) An apparatus for secure generation of a seed for use in 
performing one or more cryptographic operations, the apparatus comprising: 

a processing device comprising a processor coupled to a memory, the processing 
device implementing a seed generation server; 

the seed generation server being configured: (i) to provide a first string to a seed 
generation client; (ii) to receive from the seed generation client a second string generated 
responsive to receipt of the first string and encrypted utilizing a key; (iii) to decrypt the 
encrypted second string; and (iv) to generate the seed as a function of at least the first string and 
the second string; 

wherein the first string and the second string are configured so as to permit the 
seed generation client to independently generate the seed as a function of at least the first string 
and the second string; 

wherein the seed generation server sends an authentication code to the seed 
generation client, the authentication code proving knowledge of the generated seed and 
instructing the seed generation client to store the generated seed; and 

wherein the authentication code is cryptographically derived from a secret key 
shared by the seed generation client and the seed generation server. 

41. (New) The method of claim 37, wherein the seed is generated by repeatedly applying 
a cryptographic algorithm to successive portions of an additional string generated utilizing the 
first string, the second string and the key. 

42. (New) The method of claim 39, wherein the seed is generated by repeatedly applying 
a cryptographic algorithm to successive portions of an additional string generated utilizing the 
first string, the second string and the key. 